Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

Hugh Pickens DOT Com (2995471) writes "Sean Gallagher writes that the government built facilities for the Minuteman missiles in the 1960s and 1970s and although the missiles have been upgraded numerous times to make them safer and more reliable, the bases themselves haven't changed much and there isn't a lot of incentive to upgrade them. ICBM forces commander Maj. Gen. Jack Weinstein told Leslie Stahl from "60 Minutes" that the bases have extremely tight IT and cyber security, because they're not Internet-connected and they use such old hardware and software. "A few years ago we did a complete analysis of our entire network," says Weinstein. "Cyber engineers found out that the system is extremely safe and extremely secure in the way it's developed." While on the base, missileers showed Stahl the 8-inch floppy disks, marked "Top Secret," which is used with the computer that handles what was once called the Strategic Air Command Digital Network (SACDIN), a communication system that delivers launch commands to US missile forces. Later, in an interview with Weinstein, Stahl described the disk she was shown as "gigantic," and said she had never seen one that big. Weinstein explained, "Those older systems provide us some, I will say, huge safety, when it comes to some cyber issues that we currently have in the world.""

According to Wikipedia, Leslie Stahl was born in 1941, joined CBS news in 1972 and became a correspondent in 1974. So, she started working for a major news organization right about the time the 8-inch floppy hit its peak. Hard to believe she didn't see one somewhere. Maybe she just forgot, but the PDP-11 and the RX01/02 would have been ubiquitous in a news organization, one would think.

She may actually have used a terminal for data entry, or research in the 70s; but she wouldn't have been saving to her personal floppy disk. She'd have been saving to a file in her space (highly unlikely), printing out hard copy (more likely), or hitting some "file" button to send it to her editor (most likely).

But she'd have no more clue which disks they used then a subsistence farmer from Mozambique. Her first exposure to disks would probably be reporting on the Apple II, which used Woz's famous new disk-drive-control circuits and 5 1/2" disks.

Those older systems provide us some, I will say, huge safety, when it comes to some cyber issues that we currently have in the world.

No, they don't. Claiming obsolete hardware and software is more secure is just a thinly veiled security through obscurity claim. There are other claims here; the machines are airgapped, and I suspect that the physical site security is pretty good; but the use of old software and hardware adds nothing at all to that.

I used to work for SAC, specifically on SACDIN. I was a programmer for the system, but turned into network admin when they told us to complete the air gap and setup an offline network just for the source code, testing and administration of the system. I am not sure how much I am allowed to say, as my security clearance restricts me for like 75 years or something. But since most of what I will tell you can already be found here: http://www.fas.org/nuke/guide/... [fas.org], I figure I won't get a knock on the door.

SACCS and SACDIN are nearly the same, often interchanged in terminology. Most of us called it SACCS. We were the BALLS. That kind of stuff went on and on... it never got old.

The systems are not nearly as outdated as you think. The endpoints are old, but the stuff in the middle is much newer. The code is reviewed every 6 months. There is probably code in there from the 60's, but it has been reviewed hundreds of times. There is new stuff and changes all the time.

There are modern computers that the programmers code with. There are modern computers in the links from SAC to silo. They are hardended and locked down, but let's be honest, the airmen have physical access. That's why you need a clearance just to touch the computers that make the code that runs the network.

Sure, you can get the same security by isolating modern machines from a network and loading code using USB's or CD's and DVD's, but why fix something that's not broken? These systems only have one job, and they were a significant investment when they were installed, and the still do their job pretty effectively. The US therefore has little to no incentive to upgrade the systems already in place.

The other thing worth mentioning is the simplicity of these systems. Older hardware is suprisingly easy to servic

I don't think that's true, how long would it take you to ensure no backdoor had been slipped into even the Windows 95 binaries you're installing on the machine compared to auditing the source code and compilation process of even say an early version of DOS? let alone something even more simplistic again.

The fact is more code = more chance of missing malicious code. Older hardware and software almost always means smaller codebases, more simplicity, and less scope for malicious code.

Actually, it does. The fact that you cannot load data on these machines using a USB device does mean that they are more secure. The fact that anybody carrying around something that would allow them to quickly and easily load software (whether malicious or not) onto these machines would be obvious to anyone watching them does in fact increase security. The security does not come from the fact that the hardware is old, but from the fact that attempts to load software onto it are obvious. And on the software side it is not the fact that it is old that adds security, rather it is that the people who are knowledgeable enough about it to hack it are extremely rare. In both cases, these facts are a result of them being old, but the age is not what he is claiming makes them more secure. Rather it is a side effect of them being old.

Actually I'd argue that's not entirely true. It's far easier to verify there's no back door in vastly simpler hardware and software from back then than there is in the vastly more complex hardware and operating systems of today.

That was a time before I believe we even had computers automatically attempting to optimise circuitry - it was all hand done and the reasons for designs were entirely understandable and known by humans.

Back then processors did exactly what you told them to, nothing more, and nothing

These old networks are airgapped in so many ways, not just by removing the CAT6 to the Internet. The disks themselves are airgapped, as they're not constantly in systems which can read them; likewise, there's a huge airgap between a spy and a reader: if the disks are stolen, they need a huge honkin' machine to read them, or they need to use base facilities which have cameras and guards. Further, the media is low-density: you need to physically transport a truckload to get what fits on a modern CD-R, much less on a 64GB microSDHC.

Just as with 1000 iteration hashing, these large systems impose a time limitation on mass copy. If you want to access this top-secret file, it's merely 15kB of text stored on a 40kB disk. If you want to steal the wealth of information archived here, you must find the disks you want and then copy each of them. If you want it all, you must spend weeks if not months copying each individual disk to a portable flash drive.

There are some real difficulties involved in stealing this much data in this form. That provides a layer of security by requiring high-visibility or excessively slow methods of data access, both of which sharply increase risk in espionage. You are more likely to catch and interrupt any significant espionage attempt in this model than in a model where we put all our stuff on a USB drive that's taken to a modern machine in a secure room.

Correlation is not causation. I don't see any claim that the systems are secure because they're obsolete. I think the fact that they use technology from many decades ago means that they are simple, and the fact that they are simple means it was easy to make them secure and show that they are secure today. I think we could just as easily make a secure system today if we use modern technology, as long as we keep everything very simple. It's slapping on layer after layer of general purpose hardware and code th

Instead of "Security through obscurity", we now have "Security though obsolescence."

Actually, obsolete is in the eye of the user. Sure, you wouldn't want that as a computer you use for watching videos; but if it reliably does its designed job than it is not obsolete. Old hardware has an advantage; it has been tested and debugged and known to work as planned. Replacing it would involve a lot of work for little gain if the old stuff works; and you run the risk of introducing new bugs and problems that could cause serious problems. A system designed today probably wouldn't rely on ancient hardware; however as long as you can keep it working replacing it is neither cost nor operably beneficial. Security is an added benefit.

Is something obsolete if it can still perform it's design function effectively and economically? About 5 years ago, I gave a friend a Windows 98 computer as a backup for the one he had running an engraving machine. (For plaques that go on awards and trophies) The system is stand-alone and is designed for that type of computer. A replacement system would cost thousands and would not provide any additional benefit to his business. I wonder about the supportability issue, but otherwise I don't see a probl

I think the scary thing is that somewhere, in a large warehouse, our government has a stock of 8-inch floppies. Either that, or they are buying them from Initech at ridiculously high, sole-source prices. Come to think of it, the latter case is probably more likely.

Are there any old drives around that can read these disks? What do they do if the drives fail? I am surprised this really still works, but I guess the stuff works, so they have no real inclination to upgrade it anytime soon. What old operating system do you need to read 8" floppy disks? Would DOS 6.22 work or would you need something even older?

I seem to remember those 8" drives on old DEC equipment - VAX minicomps and the like.

I worked on systems in the late 80's that used 8 inch floppies (Network 90 DCS - which I think ABB owns nowadays). These were installed in the Operator Interface Units (OIUs) for backups etc. In my case I was running a pseudo multi-tasking program written in TI-Basic that read and wrote data to the floppies by overlaying variables in the Basic address space with absolute sectors from the floppies.

Yes, there are. I have one, and a Catweasel controller that can read and write basically any format on it.

The 8 inch standard format is very similar to the 1.2MB 5.25 inch format. Actually, it's the other way around, as when IBM built the PC AT and the high-density drives for it they apparently intentionally made the formats nearly identical. They're so close that computers that use 8 inch diskettes can typically be modified to run with 1.2MB HD 5.25 drives and media with only a new controller to drive cable and new drive power supply (8 inch drives typically take either AC mains power to run the spindle or 24VDC, and 5.25 drives take 12VDC to run the spindle). See http://nemesis.lonestar.org/co... [lonestar.org] for some tech info on how to do this with one of the first multiuser 'personal' computers, the Radio Shack TRS-80 Model 16 (and descendents the 16B and the 6000). Also see http://www.dbit.com/fdadap.htm... [dbit.com] for the 'proper' adapter board.

8 inch diskettes are famously reliable with good quality media, and the bits aren't packed so densely that an EMP event will wipe them out, as long as they're in a faraday cage with sufficient attenuation and power handling capacity.

Current production high-density PC FDC's can easily handle the 8 inch drive with the proper adapter cable, but the number of supported formats is small. More flexible is the USB interfaced Kryoflux, and the PCI Catweasel MK3 and MK4 (the Kryoflux is currently in production and available for purchase; the Catweasels have been out of production for a while and are a bit difficult to obtain last I checked; I bought my MK4 from amigakit.com, but they appear to only have the Amiga-specific MK2's in stock.

I still have my CP/M computer, twin 8" floppies, 64k memory, 4 mhz z80 processor. Every two years or so I fire it up just for fun, and it runs just fine. Agreed it shouldnt, but it does. And Wordstar runs just about as fast as the latest Word 2013. Not that I'd want to go back to those days, but there is no doubt in my mind it will outlive any computer and server in my office.

Do you really think that the United States military, very specifically, the part of it that can unleash a version of hell that you have trouble even imagining, does not have the budget to get those drives manufactured, one off or any other part of the system?

Anything from the 70's and the early 80's will work.
Some VAX computers (11/780 series) used 8" floppy to read the boot loader. OSes like VAX/VMS, RSX-11, RT-11 will read/write them. I also suspect that any old IBM computer/OS will read them.

The main problem is that hardware was more proprietary in those days. You cannot just plug in any 8" drive.
File systems and formatting were different between OSes and vendors, so you need the OS that wrote it to be able to read it (or an emulator).

I see no downside to this. There's no reason for our nuclear silos to be networked or to run modern hardware. If it works, don't fix it.

Related: anyone remember in the pilot of the Battlestar Galactica remake how they explained that the reason there was all that old tech (phones with cords, manual doors) aboard a starship made with technology hundreds of years superior to our own was that they designed it that way on purpose to prevent hacking? Kinda makes you wonder--if there's actually a cyber warfare component to the next major conflict, will the military tech that's developed afterwards end up resembling 1970s (or earlier) era hardware more so than the "futuristic" tech you see in most modern SF?

I suspect that would be the case. One good war where you lose because your computer controlled weapons system got zero-dayed and the enemy was launching your own missiles at you via TeamViewer while your mouse refused to respond and I suspect your replacement ships would require you to manually program the coordinates and launch the missile by pulling a piece of string from behind a blast screen.

anyone remember in the pilot of the Battlestar Galactica remake . . . designed it that way on purpose to prevent hacking?

I do and I grinned when I heard those lines. Like so many of us on here, I work in the IT field (mainly solving problems created by others), and want to continually smack people upside the head when I hear them talking about wanting to add devices at random to the network or all the things they do on their smart phones.

The amount of people, in IT especially, who think networking everything is the be all and end all is staggering simply because these people, do not think the process through to realize the HUGE security issues they are opening themselves up to. These are the same people who think pushing the envelope of technology is a good thing until it bites them in the ass and they come running to my area to fix what it is they broke.

In a way, I get a sense of schadenfreude when I hear about people who have their phones lost/stolen with all their information on it, or who install the latest and greatest piece of software and find themselves wide open to attack.

Like most things, there is a reason not being at the forefront of technology is a good thing. You let others make the mistake and get exploited so you know how to be safe. In the case of Galactica, not being networked and not having the latest and greatest was its strongest defense.

I see no downside to this. There's no reason for our nuclear silos to be networked or to run modern hardware. If it works, don't fix it.

Related: anyone remember in the pilot of the Battlestar Galactica remake how they explained that the reason there was all that old tech (phones with cords, manual doors) aboard a starship made with technology hundreds of years superior to our own was that they designed it that way on purpose to prevent hacking? Kinda makes you wonder--if there's actually a cyber warfare component to the next major conflict, will the military tech that's developed afterwards end up resembling 1970s (or earlier) era hardware more so than the "futuristic" tech you see in most modern SF?

People keep hyping up drones as the way of the future but I can't help but wonder if that enthusiasm won't be dampened by the first large scale incident of drone formations being hijacked or brought down by hacking or shot down in droves after their command links have been jammed. One good thing about pilots, they are very hard to jam and pretty resistant to hacking. There is a persistent rumour that the RQ-170 (aka. "The Beast of Kandahar") was brought down by jamming its satellite and ground control signa

Related: anyone remember in the pilot of the Battlestar Galactica remake how they explained that the reason there was all that old tech (phones with cords, manual doors) aboard a starship made with technology hundreds of years superior to our own was that they designed it that way on purpose to prevent hacking?

You find it surprising to find that a fictional world is built to accommodate the plot set in it? Seriously, fiction is a very, very, bad way to evaluate things for the real world.

I see no downside to this. There's no reason for our nuclear silos to be networked or to run modern hardware. If it works, don't fix it.

Disclaimer: While I don't play a nuclear weapons technician on TV, I was one in real life. (Fire Control Technician (Ballistic Missiles) Second Class (Submarines), USN Submarine Service 1981-1991.) I've worked with weapons system components (both installed and spare) that were years and decades old, and have studied the issues as a civilian as well.

Actually, there's a number of downsides, most of which should be obvious with a few minutes serious thought:

Spares - as your systems recede ever further from current technology, the cost of spares goes up and the number of potential suppliers goes down. One of things that drove the (many times delayed) conversion of the SSBN's from Trident-I to Trident-II in the late 90's/early 00's was the drying up of the spares pool. (One of the key reasons they were able to delay so long was they were able to rely on a pool of spare salvaged from the older '41 boats when they were decommissioned in the early 90's.)

Maintenance - as components age (and they do age, whether installed or sitting in a warehouse), you start climbing up the right hand side of the bathtub curve [wikipedia.org]. This means that your maintenance costs and downtime start rising sharply and also exacerbate the spares issues. I've personally had to replace cables where the insulation was damaged by aging - and had to go through three sets of spare cables to make up one good one. (And the trainers really kill you here, as they're used and abused much harder than the operational hardware.)

Support - as with spares, the farther you recede from current technology and practices, the harder it becomes to find people and companies with the experience to support and maintain the systems. Eventually you reach a closed ecosystem where the military relies on local tribal knowledge and contractors rely on a pool of specialists that dwindles as the old guys retire. (You can overcome this, but it costs significant money.)

Compatibility - when you (as the USAF has done) upgrade parts of the system but not the rest, you end up with all manner of compatibility issues. You either have to limit the performance of the new hardware, or build specialized interfaces, or build in emulators, etc... (The latter two drive up costs and increase the potential sources for faults and bugs.)

Etc..., etc...

The USAF claiming that older tech makes them more 'safe' is just making lemons into lemonade. (And the situation is mostly a product of how far the missiles are from being a priority.) Mostly, I evaluate the claims as a way to deflect attention from the number of serious incidents they've had recently and from their significant personnel problems.

If it's lasted four decades (I assume they run tests periodically), what makes you think it's going to break any time soon? My line of reasoning here is something similar to one I've heard about airplanes: in many senses, if you're going to fly, you want to be flying in an old bird--assuming proper maintenance, anything that was going to go wrong in a aircraft would have gone wrong already, so if it's still flying after several decades, it's likely the safest thing in the world.

If you take all that old stuff apart, little of it looks very hard to manufacture. And that's if you need to... most can probably be reconditioned or simply acquired from spares. Injection molded plastic will certainly get brittle, but making new 70s-era injection molded parts is not rocket science... if you even need them to be injection molded plastic. Machinable or rapid prototyped materials probably would work just fine. Remember that they don't need consumer-level cost effectiveness here.

Security is about forcing the blackhats to go through time and expense. STO usually doesn't work, but with using thirty year old technology, it would require an attacker to jump through a lot of hoops just to even procure a computer that can read an 8" floppy drive, the drive itself, and the exact media used (hard-sectored or soft-sectored). Even then, there are different ways to format the disk, be it CAV or CLV, one read/write head or two.

Wow, you just don't get it! Your remark implies that he is some sort of Luddite with the attitude of, "it worked for my grand pappy so it is good enough for me!"

What the man said is that they did a complete audit of the systems and given the requirements they determined that what they have is the most secure system they can come up with.

Your remark also implies that they should be all modern with a nice tomcat stack running php, python or god alone only knows what bit of Swiss cheese stack of cruft to control the very things that could quite easily turn this entire planet into a spinning ball of radioactive fire."

"Those older systems provide us some, I will say, huge safety, when it comes to some cyber issues that we currently have in the world.""

Note that the guy in charge of all the nuclear missiles in the United States invokes a security-though-obscurity argument to justify obsolete systems.

Well, he does have a point.

For starters, if there's no modern input method (i.e., network connection, USB ports), there's no way to hack the system with modern electronics, and I doubt you could successfully sneak an era-specific "portable" computer [wikipedia.org] in unnoticed.

The other good reason I thought of* is the fact that old, analog electronics are more likely to survive the EMP from a nuclear blast than modern, solid-state stuff. To wit, if a well-placed air-burst nuke drops EM radiation across the continental US

No, it's not security though obscurity, it's security though not being on the internet, not needing the internet, and not wanting the internet. The older tech prevents someone from even being able to hook it up to the internet even if they wanted to. The internet is one big security hole, and if you don't need it then anything that prevents you from having it is a plus for security.

Running obsolete systems isn't quite on par with typical security through obscurity. It's not a matter of guessing the right URL to access elevated permissions. It's a matter of procuring 50-year old technology, which by the way nobody outside of the US ever actually got good at producing. How exactly would you go about hacking into a system not connected to any networks and controlled by 8" floppy disks? Especially since, in addition to the obscurity, there are armed guards everywhere?

My concern here is not cybersecurity, but data integrity. Not sure what's on those ancient floppy disks, but if it is mission critical, then that's a problem. The failure rates on those would be unacceptably high.

I know this is opening things up for lots of bad jokes..... but, it really boils down to whether the cookie's lubricant is still effective at allowing the cookie to spin to the correct RPM, +/- the FDC's tolerance. And that is dependent upon the storage conditions (mostly humidity) and the media quality. Being in a military application, this media is likely the most expensive made, if not the highest quality.

Yes, the actual magnetic media is called a 'cookie.' And the word 'cookie' is a bit more

"...Stahl described the disk she was shown as "gigantic," and said she had never seen one that big."

And she realized only when the last syllable rolled off her tongue the double meaning of her words, punctuated by the shit-eating grin the General couldn't wipe off his face as he tried to explain that nuclear cowboys wrangling silos must swing big disks to be "secure"...

This is way out of date. We need to put our missiles in The Cloud, and re-do the launch control UI so it looks pretty. Get on it right away, I expect nothing less than $10 billion spent for a non-working system. Boy though, the guy wearing the fedora will think it's the best thing in the world. It is good for him too. It'll pay off most of his student debt.

With tech from that erra, it is a lot easier to fabricate replacements from scratch then today. For that matter, more of it can be fixed as opposed to being integrated in such a way that your only option is to trash and replace.

I knew someone who used to work in the Blue Cube (air force base that monitored early warning systems) in the early 90s, and was told that they still used lots of PDPs, sat at metal desks, and other stuff from the 70s even though they were sitting in the heart of silicon valley.

Last I saw an 8" floppy was for the PDP-11 console that sat inside a VAX cabinet in order to help it boot up.

Now how to fix this stuff? During glasnost era I presume you could second source parts from USSR clones... You could replace the entire system and stick it on a chip and have it all done as a student project. But these computers weren't used as general purpose computers, a lot of the reasons they're kept around is because of a specific hardware interface to other equipment and because it requires people with high security clearances and a budget to design replacements (ie, no student projects). Probably a requirement too to be resistent to electromagnetic pulses which is a plus for a lot of older equipment.

Loving the sarcasm, but seriously, these antiquated systems are probably a lot more secure than many modern systems. After all, it's next-to-impossible to hack one of these missile control systems if they're not connected to the internet and code must be loaded on 70's era floppy disks (which are next-to-impossible for Joe Bloggs to get hold of)

Sure, it's terrible energy-inefficient, and the support costs must be through the roof, but i'm more comfortable knowing that the missile control systems are running on pre-internet (and even ARPANET?) systems. It means the many enemies of the US cannot just hack into the missile control systems and start armageddon. No internet, no hacking, no problem.

After all, it's next-to-impossible to hack one of these missile control systems if they're not connected to the internet and code must be loaded on 70's era floppy disks (which are next-to-impossible for Joe Bloggs to get hold of)

This sounds a whole lot like security through obscurity. Not that obscurity isn't good if it makes things harder, but it would be a mistake to rely upon it in any way.

Given the agents you are trying to secure against - i.e. foreign governments - the resources to acquire and develop for 70s and 80s era equipment are easily obtainable.

If the technology being old leads to a lack of developers familiar with the equipment and software, it could quickly become a significant hindrance to good security.

Its not security via obscurity because the real security doesn't rely on the lack of 8" floppies. The real protection is a) not being hooked up to the internet, b) lots of doors & guys with weapons standing between you and the control station. But I guess if some airforce commander throws a few bones to a dumb journalist and has a laugh about it back at the club with the boys, is that obscuring the real security?

You mean Ogre? I don't think that can actually physically destroy a plate:http://wiw.org/~meta/vsum/view... [wiw.org]If you mean something else, I would be interested in hearing how it actually manages to change the head flying altitude...

Actually it is a pretty good one. Older equipment has been vetted for a good long time, and is generally simpler so there are fewer points where new vulnerabilities might exist. One of the reasons we have had so many security problems is the constant flow of new features being tacked on at every level combined with people wanting the technology to do so much more.

Indeed. How long has it been since anyone manufactured 8" disks? Twenty years at least, I'd say. I inherited an old Tandy 6000 computer running Xenix which had an 8" drive back in the early 1990s, and I remember even then they were special order items. At that point high density 5.25" inch and 3.5" drives were coming into their own.

Not only are the floppies old, but the drives are old, and keeping old floppy drives going can be a pain.

Oh sure, you think we're that easy to fool? Trying to get us to use your 8" disks with hidden backdoors encoded in them? No thank you. We get all of our supplies from official channels, which source from the IBM division called Lenovo.

It's secure against a Stuxnet style sabotage attack, and secure against a remote hack. But hijacking a nuclear missile silo is a different type of mission.

You could likely simulate the entire system on a damn Arduino. On site, just open a panel, swap out a cable, bypass the whole control system.

Even if the floppies themselves contained some data or codes necessary to access/program the missiles (for example), given the low data densities, by modern standards the magnetic domains are the size of cows. You could easily jury-rig up a hand-held reader from commercial components and a bit of hard-hack know-how. And brute force decrypting anything from that era should be doable on a modern laptop.

Any custom system is safe, provided the enemy doesn't know how it works. But security-by-antiquity is a particularly bad example of security-by-obscurity given the likelihood of information leakage over time by people who didn't realise that their systems were still in use (particularly if they were never told what they were used for.) And chances are, your own intelligence people aren't even going to know what to listen for: "Yeah, just some hobbyists talking about early '70s computer technology. Disregard."

On site, just open a panel, swap out a cable, bypass the whole control system.

Just so you know, when you open that panel, you're dead. They have antipersonnel mines built in, in case of unauthorized access to the panel. ICBM security doesn't fuck around.

This is the sort of security that involves lethal countermeasures, and yes, they thought of that. That too. There were geeks involved in the planning, so that other thing you think is clever? Lethal countermeasures.

It may be possible for the primary missile console. It's in a vault, manned by two specially chosen and armed airmen who are authorised to shoot each other if their partner causes a problem, designed so that it's physically impossible for a single person to operate alone, etc etc. It wouldn't surprise me if they had actual honest-to-god booby-traps in the console itself.

When doing maintenance, you switch out missile ops to the second control room, send in bomb-techs to turn off the booby-traps, then and onl

Well, in my experience the good quality double-sided drives are more reliable as they age. The reason being is that a single-sided drive has a rather critical piece of felt as a pressure pad on the top surface, and those pads are notorious for the glue holding them to the head carriage drying out and causing them to fall off.

Double-sided drives, on the other hand, have an actual head on the top surface and those tend to stay put.